OpenStack upgrade from 16.0 to 16.1 fails with: Error: invalid --security-opt

Solution Verified - Updated -

Issue

During the upgrade process of OpenStack 16.0 to 16.1, if you are running an older version of the package paunch, it can fail like this:

Error running ['podman', 'create', '--name', 'nova_libvirt', '--label', 'config_id=tripleo_step3', '--label', 'container_name=nova_libvirt', '--label', 'managed_by=tripleo-Compute', '--label', 'config_data={\"cpuset_cpus\": \"all\", \"depends_on\": [\"tripleo_nova_virtlogd.service\"], \"environment\": {\"KOLLA_CONFIG_STRATEGY\": \"COPY_ALWAYS\", \"TRIPLEO_CONFIG_HASH\": \"2900ae957406f8f6cb498849722e8850\"}, \"healthcheck\": {\"test\": \"/openstack/healthcheck libvirtd\"}, \"image\": \"internal:8787/rhosp-rhel8/openstack-nova-libvirt:16.1-46\", \"net\": \"host\", \"pid\": \"host\", \"privileged\": true, \"restart\": \"always\", \"security_opt\": [\"label=level:s0\", \"label=type:spc_t\", \"label=filetype:container_share_t\"], \"start_order\": 1, \"ulimit\": [\"nofile=131072\", \"nproc=126960\"], \"volumes\": [\"/etc/hosts:/etc/hosts:ro\", \"/etc/localtime:/etc/localtime:ro\", \"/etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro\", \"/etc/pki/ca-trust/source/anchors:/etc/pki/ca-trust/source/anchors:ro\", \"/etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro\", \"/etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro\", \"/etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro\", \"/dev/log:/dev/log\", \"/etc/ipa/ca.crt:/etc/ipa/ca.crt:ro\", \"/etc/puppet:/etc/puppet:ro\", \"/var/log/containers/libvirt:/var/log/libvirt:z\", \"/etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro\", \"/var/lib/kolla/config_files/nova_libvirt.json:/var/lib/kolla/config_files/config.json:ro\", \"/var/lib/config-data/puppet-generated/nova_libvirt:/var/lib/kolla/config_files/src:ro\", \"/var/lib/container-config-scripts/nova_libvirt_launcher.sh:/nova_libvirt_launcher.sh:ro\", \"/etc/ceph:/var/lib/kolla/config_files/src-ceph:ro\", \"/lib/modules:/lib/modules:ro\", \"/dev:/dev\", \"/run:/run\", \"/sys/fs/cgroup:/sys/fs/cgroup\", \"/etc/libvirt:/etc/libvirt\", \"/var/run/libvirt:/var/run/libvirt:shared\", \"/var/cache/libvirt:/var/cache/libvirt:shared\", \"/var/lib/libvirt:/var/lib/libvirt:shared\", \"/var/log/libvirt/qemu:/var/log/libvirt/qemu:ro\", \"/var/lib/vhost_sockets:/var/lib/vhost_sockets\", \"/var/lib/nova:/var/lib/nova:shared\", \"/sys/fs/selinux:/sys/fs/selinux\", \"/etc/selinux/config:/etc/selinux/config:ro\", \"/etc/ipa/ca.crt:/var/lib/kolla/config_files/src-tls/etc/pki/CA/cacert.pem:ro\", \"/etc/pki/libvirt/:/var/lib/kolla/config_files/src-tls/etc/pki/libvirt/:ro\", \"/etc/pki/CA/certs/vnc.crt:/var/lib/kolla/config_files/src-tls/etc/pki/libvirt-vnc/ca-cert.pem:ro\", \"/etc/pki/libvirt-vnc:/var/lib/kolla/config_files/src-libvirt-vnc-pki:ro\", \"/etc/pki/qemu/ca-cert.pem:/var/lib/kolla/config_files/src-tls/etc/pki/qemu/ca-cert.pem:ro\", \"/etc/pki/qemu/server-cert.pem:/var/lib/kolla/config_files/src-tls/etc/pki/qemu/server-cert.pem:ro\", \"/etc/pki/qemu/server-key.pem:/var/lib/kolla/config_files/src-tls/etc/pki/qemu/server-key.pem:ro\", \"/etc/pki/libvirt-nbd:/var/lib/kolla/config_files/src-libvirt-nbd-pki:ro\"]}', '--conmon-pidfile=/var/run/nova_libvirt.pid', '--detach=true', '--log-driver', 'k8s-file', '--log-opt', 'path=/var/log/containers/stdouts/nova_libvirt.log', '--env=KOLLA_CONFIG_STRATEGY=COPY_ALWAYS', '--env=TRIPLEO_CONFIG_HASH=2900ae957406f8f6cb498849722e8850', '--net=host', '--pid=host', '--ulimit=nofile=131072', '--ulimit=nproc=126960', '--privileged=true', '--volume=/etc/hosts:/etc/hosts:ro', '--volume=/etc/localtime:/etc/localtime:ro', '--volume=/etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro', '--volume=/etc/pki/ca-trust/source/anchors:/etc/pki/ca-trust/source/anchors:ro', '--volume=/etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro', '--volume=/etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro', '--volume=/etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro', '--volume=/dev/log:/dev/log', '--volume=/etc/ipa/ca.crt:/etc/ipa/ca.crt:ro', '--volume=/etc/puppet:/etc/puppet:ro', '--volume=/var/log/containers/libvirt:/var/log/libvirt:z', '--volume=/etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro', '--volume=/var/lib/kolla/config_files/nova_libvirt.json:/var/lib/kolla/config_files/config.json:ro', '--volume=/var/lib/config-data/puppet-generated/nova_libvirt:/var/lib/kolla/config_files/src:ro', '--volume=/var/lib/container-config-scripts/nova_libvirt_launcher.sh:/nova_libvirt_launcher.sh:ro', '--volume=/etc/ceph:/var/lib/kolla/config_files/src-ceph:ro', '--volume=/lib/modules:/lib/modules:ro', '--volume=/dev:/dev', '--volume=/run:/run', '--volume=/sys/fs/cgroup:/sys/fs/cgroup', '--volume=/etc/libvirt:/etc/libvirt', '--volume=/var/run/libvirt:/var/run/libvirt:shared', '--volume=/var/cache/libvirt:/var/cache/libvirt:shared', '--volume=/var/lib/libvirt:/var/lib/libvirt:shared', '--volume=/var/log/libvirt/qemu:/var/log/libvirt/qemu:ro', '--volume=/var/lib/vhost_sockets:/var/lib/vhost_sockets', '--volume=/var/lib/nova:/var/lib/nova:shared', '--volume=/sys/fs/selinux:/sys/fs/selinux', '--volume=/etc/selinux/config:/etc/selinux/config:ro', '--volume=/etc/ipa/ca.crt:/var/lib/kolla/config_files/src-tls/etc/pki/CA/cacert.pem:ro', '--volume=/etc/pki/libvirt/:/var/lib/kolla/config_files/src-tls/etc/pki/libvirt/:ro', '--volume=/etc/pki/CA/certs/vnc.crt:/var/lib/kolla/config_files/src-tls/etc/pki/libvirt-vnc/ca-cert.pem:ro', '--volume=/etc/pki/libvirt-vnc:/var/lib/kolla/config_files/src-libvirt-vnc-pki:ro', '--volume=/etc/pki/qemu/ca-cert.pem:/var/lib/kolla/config_files/src-tls/etc/pki/qemu/ca-cert.pem:ro', '--volume=/etc/pki/qemu/server-cert.pem:/var/lib/kolla/config_files/src-tls/etc/pki/qemu/server-cert.pem:ro', '--volume=/etc/pki/qemu/server-key.pem:/var/lib/kolla/config_files/src-tls/etc/pki/qemu/server-key.pem:ro', '--volume=/etc/pki/libvirt-nbd:/var/lib/kolla/config_files/src-libvirt-nbd-pki:ro', \"--security-opt=['label=level:s0', 'label=type:spc_t', 'label=filetype:container_share_t']\", 'internal:8787/rhosp-rhel8/openstack-nova-libvirt:16.1-46']. [125]", "", "stdout: ", "stderr: Error: invalid --security-opt 2: \"['label=level:s0', 'label=type:spc_t', 'label=filetype:container_share_t']\""

Environment

  • Red Hat OpenStack Platform 16.0
  • Red Hat OpenStack Platform 16.1

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content